Research Team Finds 50% Increase in Exposed Data in One Year
Everyone loves a sequel. If you’re an avid Marvel fan, you’re probably sitting on the edge of your seat waiting for your fix of new movies. If you’re a Harry Potter fan, you may be wondering when J.K. Rowling is going to pick up her pen. In the entertainment industry, fans look forward to a sequel with eager anticipation. While fans may be itching to see sequels produced by the entertainment industry, security practitioners may dread research sequels by our Digital Shadows Photon Research Team. Recently, we found 2.3 billion files exposed across online file storage technologies – and that’s 750 million more files exposed than we reported last year.
A less tantalizing sequel, perhaps? Well, we certainly don’t expect Hollywood to buy the rights to this report soon. But for the cybersecurity community, this research shows there are several developments – both positive and negative – in the data exposure landscape.
Overall, SMB – a protocol used for sharing files on internal networks, mainly on the Windows platform – took a larger share of the pie, doubling its overall file share exposure. FTP and rsync servers followed closely behind, accounting for 20 percent and 16 percent of the exposure detected, respectively.
The story around Amazon S3 buckets is quite the opposite; though the overall volume of file exposure increased over the last year, there was a noticeable decline in ongoing exposure.
Figure 1: Number of files being exposed by Amazon S3 buckets over the past year
This comes as no surprise as Amazon’s new feature Block Public Access was introduced in November 2018, seeming to quell the consistent leakage of S3 buckets. Such a move by Amazon demonstrates the sheer power of a secure default – so, could such a simple security default also benefit other file sharing platforms?
SMB, FTP, rsync servers and NAS drives already have security defaults built into their products, whether that’s in the form of encryption or authentication. For example, Microsoft outlines that the SMB protocol can be secured at a user and share level.
The availability of these security mechanisms indicates that the issue is not a lack of authentication options on offer, but rather a lack of uptake when it comes to implementing these authentication methods.
This research also identified that 17 million files had been held hostage by various ransomware variants. Although we detected that several variants of ransomware had encrypted these files, one in particular caught our attention: SamSam. If the name rings a bell, you may recall that in our paper A Tale of Epic Extortions, Photon detailed how the “SamSam” ransomware operators gained access to victim networks and held sensitive data hostage. Within our data analysis, we identified a commonly known SamSam extension (.otherinformation) appended to files within exposed file stores. The attacks we identified had not been previously reported publicly, adding an interesting discovery to our research.
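Defenders can run the same kind of check over listings of their own file shares. The sketch below is an added example, not code from Digital Shadows or the report; the listing format (one host and path per line), the host names, and the function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Extension named in the text above; add others you track to this set.
RANSOM_EXTENSIONS = {".otherinformation"}

# Constructed sample listing, "<host> <path>" per line. Not real data.
SAMPLE_LISTING = """\
fileserver01 /finance/q3-report.xlsx.otherinformation
fileserver01 /finance/payroll.docx.otherinformation
fileserver01 /finance/readme.txt
nas02 /backups/db.bak
nas02 /photos/team.JPG.OtherInformation
ftp03 /pub/notes.otherinformation
"""


def scan_listing(text, extensions=RANSOM_EXTENSIONS):
    """Return {host: {"total": n, "hits": [(path, original_name), ...]}}."""
    report = defaultdict(lambda: {"total": 0, "hits": []})
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split on the first space only, so paths containing spaces survive.
        host, _, path = line.partition(" ")
        path = path.strip()
        entry = report[host]
        entry["total"] += 1
        name = PurePosixPath(path).name
        suffix = PurePosixPath(name).suffix  # last extension only
        # Case-insensitive match: SMB and FTP listings vary in casing.
        if suffix.lower() in extensions:
            # Strip the appended extension to recover the original file name.
            entry["hits"].append((path, name[: -len(suffix)]))
    return dict(report)


def affected_hosts(report, min_hits=1):
    """Hosts with at least min_hits files carrying a tracked extension."""
    return sorted(h for h, e in report.items() if len(e["hits"]) >= min_hits)


if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    for host in affected_hosts(result):
        hits = result[host]["hits"]
        print(f"{host}: {len(hits)}/{result[host]['total']} files flagged")
        for path, original in hits:
            print(f"  {path} (original name: {original})")
```

Recovering the original file names shows which document types were hit on each host, which helps prioritize restores from backup.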
Explaining the increase of exposure across SMB, FTP, rsync servers and NAS drives is complex, but we outline some potential indicators:
This recent research shows that keeping pace with these interconnected file storage devices can be difficult – especially at an operational level. The number of these file storage devices is only going to grow, as new devices come online and old ones remain switched on.
Without the right security controls in place, this inadvertent data exposure can be challenging to track, though it is not impossible to control.
Digital Shadows SearchLight™ enables organizations to detect data loss. With SearchLight, organizations register their document marking systems, email headers, and intellectual property. SearchLight then continually monitors for these assets across the open, deep, and dark web to detect where this data is exposed. Each alert includes recommended actions, including the ability to launch takedowns from within the SearchLight portal.